This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Logging IM

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Logging IM

Go to solution
josh_ward
Not applicable

‎04-23-2013 11:18 AM

Greetings PA community.  I have a question about leveraging our PA firewalls (pair of 5020's) to log instant messaging.  We're a government agency and some of our employees use instant messaging for business purposes and we MUST log these chats as part of our public records policy.  Everything they do with other government agencies over this chat (which is currently AIM) must be logged and stored as a matter of public record.  We haven't deployed our PA's yet and we're still learning about them and what they can do.  I can't find anything obvious in the documentation except for doing application decryption and packet captures which is cool, but less useful than just a text log like we get from our BlueCoat Proxy today.

Any information or experience folks can provide would be helpful!

Thanks!!

-Josh

Labels:
0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
gwesson
L7 Applicator

‎04-23-2013 12:45 PM

The firewall only goes into the payload to determine the application and vulnerability scanning (viruses, exploits, spyware, etc.). The logs will log the session but not the chat messages themselves. A proxy will fully handle every request and response, and can therefore log all the details of each one. Since the firewall is not copying the details of the payload, that level of logging is not possible with the packets-per-second you get from the firewall.

It is certainly possible that a feature could be added to allow the speed to be sacrificed to achieve the logging you need. I would suggest working with your account team to see how feasible something like that would be.

Hope this helps,

Greg Wesson

View solution in original post

0 Likes Likes
1 REPLY 1

Go to solution
gwesson
L7 Applicator

‎04-23-2013 12:45 PM

The firewall only goes into the payload to determine the application and vulnerability scanning (viruses, exploits, spyware, etc.). The logs will log the session but not the chat messages themselves. A proxy will fully handle every request and response, and can therefore log all the details of each one. Since the firewall is not copying the details of the payload, that level of logging is not possible with the packets-per-second you get from the firewall.

It is certainly possible that a feature could be added to allow the speed to be sacrificed to achieve the logging you need. I would suggest working with your account team to see how feasible something like that would be.

Hope this helps,

Greg Wesson

0 Likes Likes
  • 1 accepted solution
  • 1925 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks